    10 vulnerabilities found for simatic_mv550_h_firmware by siemens

    CVE-2023-36521 (GCVE-0-2023-36521)

    Vulnerability from nvd – Published: 2023-07-11 09:07 – Updated: 2024-11-21 14:09
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:52.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T14:06:23.456400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T14:09:57.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). The result synchronization server of the affected products contains a\r\nvulnerability that may lead to a denial of service condition. An attacker may\r\ncause a denial of service situation of all socket-based communication of the\r\naffected products if the result server is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:13.637Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-36521",
        "datePublished": "2023-07-11T09:07:13.637Z",
        "dateReserved": "2023-06-22T12:37:24.976Z",
        "dateUpdated": "2024-11-21T14:09:57.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35921 (GCVE-0-2023-35921)

    Vulnerability from nvd – Published: 2023-07-11 09:07 – Updated: 2024-11-13 14:28
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T14:25:45.446014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T14:28:33.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:09.314Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-35921",
        "datePublished": "2023-07-11T09:07:09.314Z",
        "dateReserved": "2023-06-20T10:46:34.162Z",
        "dateUpdated": "2024-11-13T14:28:33.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35920 (GCVE-0-2023-35920)

    Vulnerability from nvd – Published: 2023-07-11 09:07 – Updated: 2024-11-12 16:53
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T16:50:03.984084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T16:53:53.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:08.275Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-35920",
        "datePublished": "2023-07-11T09:07:08.275Z",
        "dateReserved": "2023-06-20T10:46:34.162Z",
        "dateUpdated": "2024-11-12T16:53:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33138 (GCVE-0-2022-33138)

    Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:01
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:19.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:46.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC MV540 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV540 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 X",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33138",
        "datePublished": "2022-07-12T10:06:46.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:19.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33137 (GCVE-0-2022-33137)

    Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:01
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
    Severity
    No CVSS data available.
    CWE
    • CWE-613 - Insufficient Session Expiration

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:19.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\u0027 sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:44.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC MV540 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV540 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 X",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\u0027 sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613: Insufficient Session Expiration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33137",
        "datePublished": "2022-07-12T10:06:44.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:19.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36521 (GCVE-0-2023-36521)

    Vulnerability from cvelistv5 – Published: 2023-07-11 09:07 – Updated: 2024-11-21 14:09
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:52.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T14:06:23.456400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T14:09:57.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). The result synchronization server of the affected products contains a\r\nvulnerability that may lead to a denial of service condition. An attacker may\r\ncause a denial of service situation of all socket-based communication of the\r\naffected products if the result server is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:13.637Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-36521",
        "datePublished": "2023-07-11T09:07:13.637Z",
        "dateReserved": "2023-06-22T12:37:24.976Z",
        "dateUpdated": "2024-11-21T14:09:57.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35921 (GCVE-0-2023-35921)

    Vulnerability from cvelistv5 – Published: 2023-07-11 09:07 – Updated: 2024-11-13 14:28
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T14:25:45.446014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T14:28:33.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:09.314Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-35921",
        "datePublished": "2023-07-11T09:07:09.314Z",
        "dateReserved": "2023-06-20T10:46:34.162Z",
        "dateUpdated": "2024-11-13T14:28:33.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35920 (GCVE-0-2023-35920)

    Vulnerability from cvelistv5 – Published: 2023-07-11 09:07 – Updated: 2024-11-12 16:53
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Siemens SIMATIC MV540 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV540 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 H Affected: All versions < V3.3.4
    Siemens SIMATIC MV550 S Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 U Affected: All versions < V3.3.4
    Siemens SIMATIC MV560 X Affected: All versions < V3.3.4
    siemens simatic_mv540_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*
    siemens simatic_mv540_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*
    siemens simatic_mv550_h Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*
    siemens simatic_mv550_s Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*
    siemens simatic_mv560_u Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*
    siemens simatic_mv560_x Affected: 0 , < V3.3.4 (custom)
        cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv540_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_h",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv550_s",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_u",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_mv560_x",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V3.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T16:50:03.984084Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T16:53:53.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3.4), SIMATIC MV540 S (All versions \u003c V3.3.4), SIMATIC MV550 H (All versions \u003c V3.3.4), SIMATIC MV550 S (All versions \u003c V3.3.4), SIMATIC MV560 U (All versions \u003c V3.3.4), SIMATIC MV560 X (All versions \u003c V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T09:07:08.275Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-35920",
        "datePublished": "2023-07-11T09:07:08.275Z",
        "dateReserved": "2023-06-20T10:46:34.162Z",
        "dateUpdated": "2024-11-12T16:53:53.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33138 (GCVE-0-2022-33138)

    Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:01
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:19.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:46.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC MV540 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV540 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 X",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33138",
        "datePublished": "2022-07-12T10:06:46.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:19.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33137 (GCVE-0-2022-33137)

    Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:01
    Summary
    A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.
    Severity
    No CVSS data available.
    CWE
    • CWE-613 - Insufficient Session Expiration

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:19.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC MV540 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV540 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 H",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV550 S",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 U",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "SIMATIC MV560 X",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\u0027 sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:44.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC MV540 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV540 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 H",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV550 S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC MV560 X",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC MV540 H (All versions \u003c V3.3), SIMATIC MV540 S (All versions \u003c V3.3), SIMATIC MV550 H (All versions \u003c V3.3), SIMATIC MV550 S (All versions \u003c V3.3), SIMATIC MV560 U (All versions \u003c V3.3), SIMATIC MV560 X (All versions \u003c V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\u0027 sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613: Insufficient Session Expiration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33137",
        "datePublished": "2022-07-12T10:06:44.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:19.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }